Symbol Ofbuscation Score
|
Hash | Hash Value |
|---|---|
| MD5 | 09ebbfc4a7df6062505ad38e11113b20
|
| Sha1 | aceb491ec66b53099663eb1a3643c2bbb08537cd
|
| Sha256 | fe4f88f0e8f21d8f48c20d863294b3f360008dfeff3c6aa3e6403aafdcee0fd7
|
| Sha384 | 0e50ba38d3e6d3b1eeccf3cd791c71e71a9dc5669c61ba57e9825112c4a0c928ae8d1786c638712c44fce8821e5ce091
|
| Sha512 | c92e851062f026402d964869381d4c96dca118aa22a27574a3783fa9cd61ffa2083697d2c0f951f13d22b1e5d27f8dfb8d0aa06d3fbeef6fd29629accf69d21d
|
| SSDeep | 768:NuwCfTg46YbWUn9jjmo2qr78V1xpVmcPInzjbAgX3ivDcdUkOBDZOx:NuwCfTgpM2K8Vz7mhn3bnXSvDcKdOx
|
| TLSH | 0A232A0037E8863BF2BE4F78A8F26145867AF2673603D54A1CC451DB5613FC69A426FE
|
PeID
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | aHAxYk45d0UwMTZ1Q0lMMXNzZWRXUW5GVG9LRVV0Yk8= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQANV5mcQpWUIldNqIZiFQ/zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMDIyMTkzNzA1WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ8l/F6Spm+hZxfSbL+pQTD5ptDW3EQAke267EL2wBtno7NEH1IUs51BWYHrK1QT2iCMIEoGaTjVCf2PgChOTtNEfSgmNLDEtvSgGalzwJXfrBhpLjuTWsjSJAbXYMhz7A0cgaxY0IwOvWrhdbpoNtJxS9JNM9nJP8fFVdvyq1TzvlHZu8K3QeC1TN4QKs2VSqUX3V+0qxovUN6ULIJepC0K5XJV5UzVxop7BOVB8/rfUDeB8Pw72dCMZ45n+su0v61YFaa+O8e3CIPeHjUMXo31AdoAgJWNMej1UJTcms2AzMCUd5vzrwYgJHAC7vm5IPHtGazn8N56jhxxRPk0ExAetjFrxlVsBGuWbcI6vX6s2AG6qkfvJutcY+FmAlZtrqTgN8Dh/Q7IUXO433jfmdp9MenEl/YLZTHifnAu/HmiUQKAsrma2wRadytwNTOZMjyHgCg++U0DD8IM2DEBfCz7Xrz6HWCk3sRqSj+dVclgCM2q4UCotAbj6WUYNN2L+4iHz+JCghjB3owEDZREN+w4Wk0gfiVOhSAeIx77vQhdQT/2CTi0V57VzLXEdmA0vTVV2MNnpaBqlp5rO60sFVRYiAgo+FB4xJa9iqW+kY48uxROp+c8ZoFuNMIDNxPo/swWcjn4j8McZ8ZeFnHUNKMMxn5d3k+iMcT/9ehSt5QbAgMBAAGjMjAwMB0GA1UdDgQWBBR9gIvoJ/NQ59MoeYP4lUlw52dxcDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAAj7FZm01cU/rKzHiewCba6kJQRW934TX8Q+qlqrtG15HlgL9eOMBgTkQK7ZqpNfVvicrbj75BMJTvB28WMlJFMd9dYrSTDL+xIg8d6v9O6N1KIGwy7DeDotZjGH4+A6waRTXdB3rfjDqQT9Pqx7qRsz7Nhy0fmqtiuJ+hB9ojRs5gmO2pEGeEtT+STx+cBHFHyBkJ6010WZ5tF+NTmSAB+Iq+y7+bNTkqqlhpOr5/cEgj4jshda24Iajx88ktLMOeEOLR0/8Ppa25aNJUZdfWXztVqzbsHCULWYUU5NT+NdPiECUjiMab/pH5vEw5v2pKcH/Bh/hfVYq6J8mWRfN3cGAKwn/1zbrhdU0SiIknPpxrCsPbIhVYhliYv7xwHH9Sd3XnskQHim6UfEdcPruOH+gFFMtZfJ1AkG6FVLY+gByUjcyxoTsjWr0ixYA/4BVwCXbbQ3ZGy2b3gsbNuhgO396GfzyJPAbXHncFthAw4tU0ugBKZ6r14hTFSt3wu43r7VMogU+TLa+lKwzlMObI8/AOf7vEFDW4W4elibz5Dk/ybVx7ZqZNW/Q7tMmUyNODcT5WqdnLBByncsHbG8KIxetgUpxIcuj0nBXskI0Jbxm3/p6VMZZZXuYrr2GnLEvRnnObTgw9ZtGMnxFGWgEFTjlswi5f3xS4qSvr2+jatg== |
| ServerSignature | ml/SyxuUMaaA7ptRbWpPa//f6Y97LAu3yV7X7CX/ERx59FKYZeEpMORSvGI4c0I+nGAqa2rBo9lv8ZFQrUrOIqQkFbUmHvUh21PghtI/t2SxkvRNeU3u8vOE98dh7kwkD96hkE9NJB8RiNiWoKRYkJ+QjGmECthzLswGXOBRb4mrsfrWVkhhWOLqHYg2Rm3rbGPng7U+q2RXYf9I6/obtywV/cregv1jnCi47+K4/DqlYGoN2/2LsAmcGUb3dRFz/ozHapCS5SiwhFai8JMsueYkIw5r5dmOGCrfVHebi50oUvwKraxBrIy8t/Tl+nEyjcYNkfvJ/jtj4OL0tbGcdrZAS2l9JlDkhKhSWDoE1c/BvgCtGXUMdx50dmTGdHdBk95AWtTuThIM29/q2Qppum4BsN2TOLwV0K98+mbagVKILzeT4/VVdfxNvI/qMaH/7gBMYypN4WauWx3nZ1NBgmVNHVTlPvca/P/JStxmYcP/HHsK1YTbk7gY3v+uskrBuE4uQJD7KEPxACdYF+5lhAVFk77njoUrf/QQzL01kIm4gvlPkrS2EFMSoV6aUWm47DCbAWgqeYahuJAe93isqZcl/TXYnwVwNj8IqFmiE2Z+dSZN56eR5Q442IsKIPHBnhmPzKa8qGFo9VzNVxX4UJUobNV9a4Yz |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Hosts | 91.231.222.220 |
| Ports | 7076 |
| Mutex | boot_lbdT60T1DC4 |
| Version | 0.5.8 |
| Delay | 3 |
| Group | 1 |
|
Name0 | Value |
|---|---|
| Info | PE Detect: PeReader OK (file layout) |
| Module Name | boot.exe |
| Full Name | boot.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | boot.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | boot |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
| Module Name | boot.exe |
| Full Name | boot.exe |
| EntryPoint | System.Void Client.Program::Main() |
| Scope Name | boot.exe |
| Scope Type | ModuleDef |
| Kind | Windows |
| Runtime Version | v4.0.30319 |
| Tables Header Version | 512 |
| WinMD Version | <null> |
| Assembly Name | boot |
| Assembly Version | 1.0.0.0 |
| Assembly Culture | <null> |
| Has PublicKey | False |
| PublicKey Token | <null> |
| Target Framework | .NETFramework,Version=v4.0,Profile=Client |
| Total Strings | 120 |
| Main Method | System.Void Client.Program::Main() |
| Main IL Instruction Count | 51 |
| Main IL | ldc.i4.0 <null> stloc.0 <null> br IL_0015: ldloc.0 ldc.i4 1000 call System.Void System.Threading.Thread::Sleep(System.Int32) ldloc.0 <null> ldc.i4.1 <null> add <null> stloc.0 <null> ldloc.0 <null> ldsfld System.String Client.Settings::Delay call System.Int32 System.Convert::ToInt32(System.String) blt.s IL_0007: ldc.i4 1000 call System.Boolean Client.Settings::InitializeSettings() brtrue IL_0032: nop ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) nop <null> call System.Boolean Client.Helper.MutexControl::CreateMutex() brtrue IL_0043: ldsfld System.String Client.Settings::Anti ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) ldsfld System.String Client.Settings::Anti call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0057: ldsfld System.String Client.Settings::Install call System.Void Client.Helper.Anti_Analysis::RunAntiAnalysis() ldsfld System.String Client.Settings::Install call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_006B: ldsfld System.String Client.Settings::BDOS call System.Void Client.Install.NormalStartup::Install() ldsfld System.String Client.Settings::BDOS call System.Boolean System.Convert::ToBoolean(System.String) brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Boolean Client.Helper.Methods::IsAdmin() brfalse IL_0089: call System.Void Client.Helper.Methods::PreventSleep() call System.Void Client.Helper.ProcessCritical::Set() call System.Void Client.Helper.Methods::PreventSleep() leave IL_0099: nop pop <null> leave IL_0099: nop nop <null> call System.Boolean Client.Connection.ClientSocket::get_IsConnected() brtrue IL_00AE: leave IL_00B9 call System.Void Client.Connection.ClientSocket::Reconnect() call System.Void Client.Connection.ClientSocket::InitializeClient() leave IL_00B9: ldc.i4 5000 pop <null> leave IL_00B9: ldc.i4 5000 ldc.i4 5000 call System.Void System.Threading.Thread::Sleep(System.Int32) br.s IL_0099: nop |
|
Name0 | Value |
|---|---|
| Key (AES_256) | aHAxYk45d0UwMTZ1Q0lMMXNzZWRXUW5GVG9LRVV0Yk8= |
| CnC | 91.231.222.220 |
| Ports | 7076 |
| Mutex | boot_lbdT60T1DC4 |
|
Config. Field0 | Value |
|---|---|
| Key (AES_256) | aHAxYk45d0UwMTZ1Q0lMMXNzZWRXUW5GVG9LRVV0Yk8= |
| Pastebin | - |
| Certificate | MIIE8jCCAtqgAwIBAgIQANV5mcQpWUIldNqIZiFQ/zANBgkqhkiG9w0BAQ0FADAaMRgwFgYDVQQDDA9Bc3luY1JBVCBTZXJ2ZXIwIBcNMjUxMDIyMTkzNzA1WhgPOTk5OTEyMzEyMzU5NTlaMBoxGDAWBgNVBAMMD0FzeW5jUkFUIFNlcnZlcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ8l/F6Spm+hZxfSbL+pQTD5ptDW3EQAke267EL2wBtno7NEH1IUs51BWYHrK1QT2iCMIEoGaTjVCf2PgChOTtNEfSgmNLDEtvSgGalzwJXfrBhpLjuTWsjSJAbXYMhz7A0cgaxY0IwOvWrhdbpoNtJxS9JNM9nJP8fFVdvyq1TzvlHZu8K3QeC1TN4QKs2VSqUX3V+0qxovUN6ULIJepC0K5XJV5UzVxop7BOVB8/rfUDeB8Pw72dCMZ45n+su0v61YFaa+O8e3CIPeHjUMXo31AdoAgJWNMej1UJTcms2AzMCUd5vzrwYgJHAC7vm5IPHtGazn8N56jhxxRPk0ExAetjFrxlVsBGuWbcI6vX6s2AG6qkfvJutcY+FmAlZtrqTgN8Dh/Q7IUXO433jfmdp9MenEl/YLZTHifnAu/HmiUQKAsrma2wRadytwNTOZMjyHgCg++U0DD8IM2DEBfCz7Xrz6HWCk3sRqSj+dVclgCM2q4UCotAbj6WUYNN2L+4iHz+JCghjB3owEDZREN+w4Wk0gfiVOhSAeIx77vQhdQT/2CTi0V57VzLXEdmA0vTVV2MNnpaBqlp5rO60sFVRYiAgo+FB4xJa9iqW+kY48uxROp+c8ZoFuNMIDNxPo/swWcjn4j8McZ8ZeFnHUNKMMxn5d3k+iMcT/9ehSt5QbAgMBAAGjMjAwMB0GA1UdDgQWBBR9gIvoJ/NQ59MoeYP4lUlw52dxcDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4ICAQAAj7FZm01cU/rKzHiewCba6kJQRW934TX8Q+qlqrtG15HlgL9eOMBgTkQK7ZqpNfVvicrbj75BMJTvB28WMlJFMd9dYrSTDL+xIg8d6v9O6N1KIGwy7DeDotZjGH4+A6waRTXdB3rfjDqQT9Pqx7qRsz7Nhy0fmqtiuJ+hB9ojRs5gmO2pEGeEtT+STx+cBHFHyBkJ6010WZ5tF+NTmSAB+Iq+y7+bNTkqqlhpOr5/cEgj4jshda24Iajx88ktLMOeEOLR0/8Ppa25aNJUZdfWXztVqzbsHCULWYUU5NT+NdPiECUjiMab/pH5vEw5v2pKcH/Bh/hfVYq6J8mWRfN3cGAKwn/1zbrhdU0SiIknPpxrCsPbIhVYhliYv7xwHH9Sd3XnskQHim6UfEdcPruOH+gFFMtZfJ1AkG6FVLY+gByUjcyxoTsjWr0ixYA/4BVwCXbbQ3ZGy2b3gsbNuhgO396GfzyJPAbXHncFthAw4tU0ugBKZ6r14hTFSt3wu43r7VMogU+TLa+lKwzlMObI8/AOf7vEFDW4W4elibz5Dk/ybVx7ZqZNW/Q7tMmUyNODcT5WqdnLBByncsHbG8KIxetgUpxIcuj0nBXskI0Jbxm3/p6VMZZZXuYrr2GnLEvRnnObTgw9ZtGMnxFGWgEFTjlswi5f3xS4qSvr2+jatg== |
| ServerSignature | ml/SyxuUMaaA7ptRbWpPa//f6Y97LAu3yV7X7CX/ERx59FKYZeEpMORSvGI4c0I+nGAqa2rBo9lv8ZFQrUrOIqQkFbUmHvUh21PghtI/t2SxkvRNeU3u8vOE98dh7kwkD96hkE9NJB8RiNiWoKRYkJ+QjGmECthzLswGXOBRb4mrsfrWVkhhWOLqHYg2Rm3rbGPng7U+q2RXYf9I6/obtywV/cregv1jnCi47+K4/DqlYGoN2/2LsAmcGUb3dRFz/ozHapCS5SiwhFai8JMsueYkIw5r5dmOGCrfVHebi50oUvwKraxBrIy8t/Tl+nEyjcYNkfvJ/jtj4OL0tbGcdrZAS2l9JlDkhKhSWDoE1c/BvgCtGXUMdx50dmTGdHdBk95AWtTuThIM29/q2Qppum4BsN2TOLwV0K98+mbagVKILzeT4/VVdfxNvI/qMaH/7gBMYypN4WauWx3nZ1NBgmVNHVTlPvca/P/JStxmYcP/HHsK1YTbk7gY3v+uskrBuE4uQJD7KEPxACdYF+5lhAVFk77njoUrf/QQzL01kIm4gvlPkrS2EFMSoV6aUWm47DCbAWgqeYahuJAe93isqZcl/TXYnwVwNj8IqFmiE2Z+dSZN56eR5Q442IsKIPHBnhmPzKa8qGFo9VzNVxX4UJUobNV9a4Yz |
| Install | false |
| BDOS | false |
| Anti-VM | false |
| Install-Folder | %AppData% |
| Hosts | 91.231.222.220 |
| Ports | 7076 |
| Mutex | boot_lbdT60T1DC4 |
| Version | 0.5.8 |
| Delay | 3 |
| Group | 1 |
|
Name0 | Value | Location |
|---|---|---|
| Key (AES_256) | aHAxYk45d0UwMTZ1Q0lMMXNzZWRXUW5GVG9LRVV0Yk8= Malicious |
09ebbfc4a7df6062505ad38e11113b20 |
| CnC | 91.231.222.220 Malicious |
09ebbfc4a7df6062505ad38e11113b20 |
| Ports | 7076 Malicious |
09ebbfc4a7df6062505ad38e11113b20 |
| Mutex | boot_lbdT60T1DC4 Malicious |
09ebbfc4a7df6062505ad38e11113b20 |